Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323

Security Weekly Podcast Network (Audio)

#Security #Software Development #Tech News #Hacking #News #Tech #Security Weekly Productions

1:03:38

Too many entrepreneurs get stuck on the business treadmill, hustling nonstop, unable to scale, and unknowingly stalling their growth. That’s where Dave Ramsey began. After crashing into $3 million in debt, he rebuilt from scratch, turning a small radio program into a national show with millions of listeners. With over three decades of experience in entrepreneurship, business growth, and content creation, he knows what it takes to build a lasting business. In this episode, Dave reveals the six drivers of long-term success, the five key stages of startup growth, and how he balances life as an entrepreneur and a content creator. In this episode, Hala and Dave will discuss: (00:00) Introduction (00:23) The Core Principles of Financial Freedom (05:42) Adapting to Change as a Content Creator (09:22) Balancing Content Creation and Entrepreneurship (12:34) How to Create a Clear Path in Business (15:19) The Truth About Starting a Business Today (18:22) The Six Drivers of Business Success (26:20) Shifting From Tactical to Strategic Thinking (29:44) The Five Stages of Business Growth (41:10) Leading with Care, Clarity, and Accountability (47:10) Identifying the Right Leadership Skills (48:35) Starting a Media Business as an Entrepreneur Dave Ramsey is a personal finance expert, radio personality, bestselling author, and the founder and CEO of Ramsey Solutions. Over the past three decades, he has built a legacy of helping millions achieve financial freedom. As the host of The Ramsey Show , Dave reaches more than 18 million listeners each week. He is the author of eight national bestselling books. His latest, Build a Business You Love , helps entrepreneurs navigate growth and overcome challenges at every stage. Sponsored By: Shopify - Sign up for a one-dollar-per-month trial period at youngandprofiting.co/shopify OpenPhone: Streamline and scale your customer communications with OpenPhone. Get 20% off your first 6 months at openphone.com/profiting Airbnb - Find yourself a co-host at airbnb.com/host Indeed - Get a $75 sponsored job credit at indeed.com/profiting RobinHood - Receive your 3% boost on annual IRA contributions, sign up at robinhood.com/gold Factor - Get 50% off your first box plus free shipping at factormeals.com/factorpodcast Rakuten - Save while shopping at rakuten.com Microsoft Teams - Stop paying for tools. Get everything you need, for free at aka.ms/profiting LinkedIn Marketing Solutions - Get a $100 credit on your next campaign at linkedin.com/profiting Resources Mentioned: Dave’s Book, Build a Business You Love: bit.ly/BuildaBusinessYouLove Dave’s Website: ramseysolutions.com Active Deals - youngandprofiting.com/deals Key YAP Links Reviews - ratethispodcast.com/yap Youtube - youtube.com/c/YoungandProfiting LinkedIn - linkedin.com/in/htaha/ Instagram - instagram.com/yapwithhala/ Social + Podcast Services: yapmedia.com Transcripts - youngandprofiting.com/episodes-new Entrepreneurship, Entrepreneurship Podcast, Business, Business Podcast, Self Improvement, Self-Improvement, Personal Development, Starting a Business, Strategy, Investing, Sales, Selling, Psychology, Productivity, Entrepreneurs, AI, Artificial Intelligence, Technology, Marketing, Negotiation, Money, Finance, Side Hustle, Mental Health, Career, Leadership, Mindset, Health, Growth Mindset, Side Hustle, Passive Income, Online Business, Solopreneur, Networking.…

hace un año 54:08

MP3•Episodio en casa

Fetch error

Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on April 24, 2025 21:17 (3d ago)

What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.

LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.

Segment resources:

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-323

3086 episodios

Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323

Security Weekly Podcast Network (Audio)

2,593 subscribers

published hace un año

MP3•Episodio en casa

Fetch error

Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on April 24, 2025 21:17 (3d ago)

Segment resources:

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-323

3086 episodios

#Security #Software Development #Tech News #Hacking #News #Tech #Security Weekly Productions

Tous les épisodes

Security Weekly Podcast Network (Audio)

1
Hacking Crosswalks and Attacking Boilers - PSW #871 2:04:15

hace 3 días2:04:15

2:04:15

The crosswalk is talking to me man!, don't block my website without due process, Florida is demanding encryption backdoors, attacking boilers and banning HackRF Ones, time to update your flipper zero, using AI to create working exploits, what happens when you combine an RP2350 and an ESP32? Hopefully good hackery things!, more evidence that patching is not enough, auditing the PHP source code, reading the MEGA advisories, threat actors lie about data breaches (you don't say?), the data breach that Hertz, CISA warns of ransomware, some can't get Ahold of data breaches, please don't let people take control of your PC over Zoom and Paul's hot takes on: 4chan hack, the CVE program, and Microsoft Recall! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-871…

Security Weekly Podcast Network (Audio)

1
ISO 42001 Certification, CIOs Struggle to Align Strategies, and CISOs Rethink Hiring - Martin Tschammer - BSW #392 1:03:55

hace 4 días1:03:55

1:03:55

AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-392…

Security Weekly Podcast Network (Audio)

1
Brains, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet - SWN #470 31:59

hace 5 días31:59

31:59

Brains, Scams, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-470

Security Weekly Podcast Network (Audio)

1
Managing Secrets - Vlad Matsiiako - ASW #327 1:03:03

hace 5 días1:03:03

1:03:03

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure. Segment Resources: https://infisical.com/blog/solving-secret-zero-problem https://infisical.com/blog/gitops-secrets-management Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-327…

Security Weekly Podcast Network (Audio)

1
The past, present, and future of enterprise AI - Matthew Toussain, Pravi Devineni - ESW #403 2:11:51

hace 6 días2:11:51

2:11:51

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane . Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise. Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's. Finally, we'll discuss the future of AI and try to end on a positive or hopeful note! What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions that catalog and label vulnerabilities from vendors, we'd still have some serious issues to address, like: disconnects between vulnerability analysts and asset owners gaps and issues in vulnerability discovery and asset management different options for workflows between security and IT: which is best? patching it like you stole it Oh, did we mention Matt built an open source vuln scanner? https://sirius.publickey.io/ In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-403…

Security Weekly Podcast Network (Audio)

1
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet... - SWN #469 36:06

hace 9 días36:06

36:06

HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-469

Security Weekly Podcast Network (Audio)

1
Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA... - PSW #870 2:06:35

hace 10 días2:06:35

2:06:35

Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA, College, who knows, a lot more... On Paul's Security Weekly. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-870

Security Weekly Podcast Network (Audio)

1
Deny By Default as CISOs Battle Platform Fatigue and Show Value to the Board - Danny Jenkins - BSW #391 1:05:34

hace 11 días1:05:34

1:05:34

Zero Trust isn't a new concept, but not one easily implemented. How do organizations transform cybersecurity from a "default allow" model, where everything is permitted unless blocked, to a "default deny" model? Danny Jenkins, Co-founder and CEO at ThreatLocker, joins Business Security Weekly to discuss this approach. Deny by default means all actions are blocked by default, with only explicitly approved activities allowed. This shift enhances security, reduces vulnerabilities, and sets a new standard for protecting organizations from cyber threats. ‍ Danny will discuss how ThreatLocker not only protects your endpoints and data from zero-day malware, ransomware, and other malicious software, but provides solutions for easy onboarding, management, and eliminates the lengthy approval processes of traditional solutions. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! In the leadership and communications section, Bridging the Gap Between the CISO & the Board of Directors, CISO MindMap 2025: What do InfoSec Professionals Really Do?, How to Prevent Strategy Fatigue, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-391…

Security Weekly Podcast Network (Audio)

1
QUBIT AI, Recall This, Defender, Tycoon, Slopsquatting, Feng Mengleng, Aaran Leyland - SWN #468 35:45

hace 12 días35:45

35:45

QUBIT AI, Recall This, Defender, Tycoon, Slopsquatting, Feng Mengleng, Aaran Leyland, and more, on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-468

Security Weekly Podcast Network (Audio)

1
More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326 1:14:45

hace 12 días1:14:45

1:14:45

The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025, and where secure by design fits into all this. WAFs are delivering value in a way that orgs are relying on them more for bot management and fraud detection. But adopting phishing-resistant authentication solutions like passkeys and deploying WAFs still seem peripheral to secure by design principles. We discuss what's necessary for establishing a secure environment and why so many orgs still look to tools. And with LLMs writing so much code, we continue to look for ways LLMs can help appsec in addition to all the ways LLMs keep recreating appsec problems. Resources https://www.forrester.com/blogs/breaches-and-lawsuits-and-fines-oh-my-what-we-learned-the-hard-way-from-2024/ https://www.forrester.com/blogs/wafs-are-now-the-center-of-application-protection-suites/ https://www.forrester.com/blogs/are-you-making-these-devsecops-mistakes-the-four-phases-you-need-to-know-before-your-code-becomes-your-vulnerability/ In the news, crates.io logging mistake shows the errors of missing redactions, LLMs give us slopsquatting as a variation on typosquatting, CaMeL kicks sand on prompt injection attacks, using NTLM flaws as lessons for authentication designs, tradeoffs between containers and WebAssembly, research gaps in the world of Programmable Logic Controllers, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-326…

Security Weekly Podcast Network (Audio)

1
What is old is new again: default deny on the endpoint - Colby DeRodeff, Danny Jenkins - ESW #402 2:03:21

hace 13 días2:03:21

2:03:21

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we’ll be talking to Threatlocker’s CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we’re seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don’t even need to give up an email address to read it! In this interview, we’ll talk through some of the highlights: Challenges Myths Pillars of a data security strategy Understanding the tools available Segment Resources A Leader’s Guide to Security Data Strategy eBook In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn’t want to be found All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-402…

Security Weekly Podcast Network (Audio)

1
Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More... - SWN #467 35:45

hace 16 días35:45

35:45

Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-467

Security Weekly Podcast Network (Audio)

1
You Should Just Patch - PSW #869 2:05:21

hace 17 días2:05:21

2:05:21

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-869…

Security Weekly Podcast Network (Audio)

1
Balancing AI Opportunities vs. Risks to Drive Better Business Outcomes - Matt Muller, Summer Fowler - BSW #390 1:02:39

hace 18 días1:02:39

1:02:39

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/ In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-390…

Security Weekly Podcast Network (Audio)

1
DOS, Web Cams, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Josh Marpet... - SWN #466 33:48

hace 19 días33:48